Cryptology ePrint Archive: Report 2020/573

Quantifying the Security Cost of Migrating Protocols to Practice

Christopher Patton and Thomas Shrimpton

Abstract: We give a framework for relating the concrete security of a “reference” protocol (say, one appearing in an academic paper) to that of some derived, “real” protocol (say, appearing in a cryptographic standard). It is based on the indifferentiability framework of Maurer, Renner, and Holenstein (MRH), whose application has been exclusively focused upon non-interactive cryptographic primitives, e.g., hash functions and Feistel networks. Our extension of MRH is supported by a clearly defined execution model and two composition lemmata, all formalized in a modern pseudocode language. Together, these allow for precise statements about game-based security properties of cryptographic objects (interactive or not) at various levels of abstraction. As a real-world application, we design and prove tight security bounds for a potential TLS 1.3 extension that integrates the SPAKE2 password-authenticated key-exchange into the handshake.

Category / Keywords: cryptographic protocols / real-world cryptography, protocol standards, concrete security, indifferentiability

Original Publication (with major differences): IACR-CRYPTO-2020

Date: received 15 May 2020, last revised 5 Jun 2020

Contact author: cjpatton at ufl edu

Available format(s): PDF | BibTeX Citation

Note: The latest version fixes some presentation issues.

Version: 20200605:140156 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]